Embedded DevOps: Nexus Artifact Repository and SonarQube Quality Analytics

When it comes to “Enterprise DevOps infrastructure”, most teams think of tools like Jenkins, JIRA, Bitbucket, Nexus, SonarQube being set up, licensed and maintained separately. SaaS cost of $500-2000 per month or 5-6 different servers that you will set up and manage yourself.

VDS Panel’s systemServices module makes this infrastructure installable from a single panel with a single click. In this article, we will explain what Nexus and SonarQube do, how to install them with the panel and how they integrate into your projects.

Bir bakışta

~2 min

Nexus installation time

~3 min

SonarQube installation time

Additional license fee

auto

Build integration

Nexus Repository Manager

Nexus is a special artifact repository for dependency management. It has three basic functions:

1. Proxy cache

Your team requests public repositories such as Maven Central, npm registry, and PyPI and downloads packages over the internet with each build. A team of 10 people downloads the same package hundreds of times. Nexus works as a proxy cache: when it is first downloaded, it is saved to local disk, and subsequent requests are quickly served from the same cache.

2. Private repository

You do not upload your own developed JARs (shared libraries, enterprise frameworks) to npm/Maven. Nexus hosts your own packages as a private repository.

3. Release management

Snapshot (development) and release (stable) packages are kept in separate repositories. It is automatically pushed to the relevant repo with the P0 command.

Classical

NO Nexus

Every build is internet dependent
Build fail if Maven Central crashes
Shared JAR = manual scp
Dependency version unchecked
Difficulty behind corporate proxy

Panel set up

Nexus YES

Cached packages are downloaded faster
Offline build possible
automatic push with mvn deploy
Versioning on the repo side
Firewall friendly

SonarQube Code Quality

SonarQube statically analyzes your code:

Bugs: Possible runtime errors (null pointer, resource leak, etc.)
Code smells: Places that require refactoring (duplicate code, high cyclomatic complexity)
Security vulnerabilities: SQL injection patterns, hardcoded password, weak crypto
Test coverage: Which lines have been tested
Technical debt: Estimated refactor time in hours

30+

language support

Java, JavaScript, TypeScript, Python, Go, C#, Ruby, PHP, Kotlin, Swift, Rust and more.

With each push, the panel sends your code to SonarQube. You can review the report from the panel interface or from SonarQube’s own UI.

Installation via panel

How many hours does the classic installation take?

Installing Nexus manually: Pull a Docker image, install volume, port configuration, admin password reset, define repository, nginx reverse proxy, SSL… Approximately 1-2 hours. SonarQube is similar. From the VDS Panel panel: ~5 minutes total.

Panel installation in three steps:

Go to the “Services” tab, system services catalog in the Panel main menu
Click “Install” on the “Nexus” box, the Panel creates the Docker container in the background, installs the volume, configures the nginx reverse proxy, imports the SSL certificate, generates the default admin password
Repeat the same for SonarQube, Separate volume, separate domain (like P0)

Both servings are ready in ~5 minutes.

Maven integration

Your project’s P0 or P1 file is automatically updated. Panel:

Passwords are stored in the panel secret vault, clear-text is not written to the file.

Gradle integration

P0 for Gradle projects:

The panel automatically injects P0 and P1 envs during build.

SonarQube scanner integration

At the end of each build, the panel runs the SonarQube scanner:

The token is automatically generated by the panel. Conclusion:

Quality report for the project in SonarQube dashboard
Summary on the panel main screen (number of critical bugs, coverage percentage)
Findings as comments to Pull Request (if GitHub integration is active)

##QualityGate

SonarQube allows you to define a Quality Gate: builds that do not meet certain criteria are considered unsuccessful. Example:

Critical bug: 0
High severity bug: < 5
Test coverage: > 60%
Duplicated lines: < 3%
Maintainability rating: A

Panel can stop deployment if Quality Gate fails. Bad code does not enter Production.

Gradual adoption

If coverage is at 30% in an existing project, you cannot immediately force the Quality Gate to 60%. While Quality Gates require 80% coverage for “new code”, it may be looser for “overall”. The panel supports this strategic setting.

Storage and cost

Nexus and SonarQube data in panel volumes:

Nexus cache: ~5-20 GB (depending on packages)
SonarQube DB: ~1-5 GB (depending on the number of projects)
Backed up daily
30 days retention

No additional costs; It uses your existing VPS disk.

Other built-in services

Panel systemOther tools in the service catalogue:

RabbitMQ, message queue
MinIO, S3-compatible object storage
pgAdmin, PostgreSQL web UI
phpMyAdmin, MySQL web UI
Mongo Express, MongoDB web UI
Redis Commander, Redis web UI

All with the same logic: install with one click, let the panel manage it.

Conclusion

It is now possible to run Enterprise DevOps infrastructure on the budget of small teams. Critical services such as Nexus and SonarQube, which normally require separate installation, can be installed with a single click with VDS Panel’s systemServices module. Each build provides automatic quality analysis and artifact push, standard DevOps practices that increase trust in your team.

You can check the home page for the ready services list and contact the contact form to plan the installation process together.